NetBSD Problem Report #59217

From www@netbsd.org  Wed Mar 26 13:44:25 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 452891A9239
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 26 Mar 2025 13:44:25 +0000 (UTC)
Message-Id: <20250326134423.CC43F1A923D@mollari.NetBSD.org>
Date: Wed, 26 Mar 2025 13:44:23 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: ixl(4): bogus return value in ixl_other_intr
X-Send-Pr-Version: www-1.0

>Number:         59217
>Category:       kern
>Synopsis:       ixl(4): bogus return value in ixl_other_intr
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 26 13:45:00 +0000 2025
>Originator:     Taylor R Campbell
>Release:        current, 10, 9, ...
>Organization:
The NetIXL(4) Interruption
>Environment:
>Description:
Generally, an interrupt handler is supposed to return 1 if it handled an applicable event, or 0 if it did not and the interrupt must have been for someone else.

However, in ixl(4), the interrupt handler ixl_other_intr leaves the return value uninitialized if there are no applicable events.  And in several cases of what look like applicable events, it doesn't change the return value to 1.

   3541 	int rv;
...
   3546 	if (ISSET(icr, I40E_PFINT_ICR0_ADMINQ_MASK)) {
...
   3550 		rv = 1;
   3551 	}
   3552 
   3553 	if (ISSET(icr, I40E_PFINT_ICR0_LINK_STAT_CHANGE_MASK)) {
...
   3559 		rv = 1;
   3560 	}
   3561 
   3562 	if (ISSET(icr, I40E_PFINT_ICR0_GRST_MASK)) {
... (missing rv = 1?)
   3573 	}
   3574 
   3575 	if (ISSET(icr, I40E_PFINT_ICR0_ECC_ERR_MASK))
   3576 		atomic_inc_64(&sc->sc_event_ecc_err.ev_count);
   3577 	if (ISSET(icr, I40E_PFINT_ICR0_PCI_EXCEPTION_MASK))
   3578 		atomic_inc_64(&sc->sc_event_pci_exception.ev_count);
   3579 	if (ISSET(icr, I40E_PFINT_ICR0_PE_CRITERR_MASK))
   3580 		atomic_inc_64(&sc->sc_event_crit_err.ev_count);
...
   3597 	return rv;

https://nxr.netbsd.org/xref/src/sys/dev/pci/if_ixl.c?r=1.99#3536

It is also unclear to me whether the other interrupt handler ixl_queue_intr is correct in unconditionally returning 1.
>How-To-Repeat:
code inspection
>Fix:
Partial fix has already been committed, but the :


Module Name:    src
Committed By:   christos
Date:           Tue Mar 25 19:24:07 UTC 2025

Modified Files:
        src/sys/dev/pci: if_ixl.c

Log Message:
Don't return random value from interrupt. (coverity)


To generate a diff of this commit:
cvs rdiff -u -r1.99 -r1.100 src/sys/dev/pci/if_ixl.c
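
Added example, not part of the problem report and not code from if_ixl.c: a small C model of the handled/not-handled contract described above. The handler starts from rv = 0 and sets rv = 1 in every branch that services a cause, and a simplified shared-line dispatcher can then tell a claimed interrupt from a stray one. The cause bits, struct model_dev, model_other_intr and dispatch_shared are hypothetical names, and treating the reset and ECC causes as handled is an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cause bits for a model device (not the I40E register layout). */
#define CAUSE_ADMINQ 0x1u
#define CAUSE_LINK   0x2u
#define CAUSE_RESET  0x4u
#define CAUSE_ECC    0x8u

struct model_dev {
	uint32_t icr;                        /* pending cause bits (constructed) */
	unsigned adminq, link, reset, ecc;   /* per-cause event counters */
};

/* Returns 1 if at least one cause was serviced, 0 if the interrupt was not ours. */
static int model_other_intr(void *arg)
{
	struct model_dev *d = arg;
	uint32_t icr = d->icr;
	int rv = 0;     /* defined answer for the "no applicable event" path */

	d->icr = 0;     /* model: servicing consumes the pending bits */
	if (icr & CAUSE_ADMINQ) { d->adminq++; rv = 1; }
	if (icr & CAUSE_LINK)   { d->link++;   rv = 1; }
	if (icr & CAUSE_RESET)  { d->reset++;  rv = 1; }  /* assumption: counts as handled */
	if (icr & CAUSE_ECC)    { d->ecc++;    rv = 1; }  /* assumption: counts as handled */
	return rv;
}

typedef int (*intr_fn)(void *);

/* Simplified shared-line dispatch: how many handlers claimed it (0 = stray). */
static int dispatch_shared(intr_fn *fn, void **arg, size_t n)
{
	int claimed = 0;

	for (size_t i = 0; i < n; i++)
		claimed += (fn[i](arg[i]) != 0);
	return claimed;
}

int main(void)
{
	/* Constructed input: device a has one pending cause, device b has none. */
	struct model_dev a = { .icr = CAUSE_ECC }, b = { .icr = 0 };
	intr_fn fn[] = { model_other_intr, model_other_intr };
	void *arg[] = { &a, &b };
	return dispatch_shared(fn, arg, 2) == 1 ? 0 : 1;
}
```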
